Page MenuHomePhabricator

Enable uploads for LilyPond (.ly) and ABC (.abc) files on Commons
Open, Needs TriagePublic

Description

Per T208494.

Both LilyPond and ABC are already supported through the Score extension, but cannot be uploaded to Commons or rendered as thumbnails. The LilyPond software does have the ability to export to other formats, such as PDF and SVG. (Currently the extension renders scores as PNG and not as SVG; see T49578.)

There is no requirement to enable thumbnails or playback before it becomes possible to upload files to Commons; there was (I think) no expectation in the RfC that this would occur immediately due to the Community Wishlist Survey proposal for such not reaching the top 10.

Both LilyPond and ABC scores are intended to be written directly as source code. I don't know if this would cause security or upload issues.

Event Timeline

Would one be able to transclude them into articles? It might be a bit more compact than, say, this.

I think so. If thumbnailing is enabled, then it could be enabled through PDF and/or SVG exports for both LilyPond and MuseScore (using the existing software). PDF thumbnails already exist and have a |page= parameter, which I expect a PDF export from LilyPond would do.

Obviously this is just hypothetical right now. I'm sure it's possible, but even before anyone writes any code the specifics would need to be fleshed out (what parameters will exist in the format's file syntax, how to control parameters like export format, how to use both image and audio if that becomes a possibility, how to handle the page layout settings when exporting to different formats if that's done, etc.).

Download of .ly files should not be allowed unless there is a change in security policy from the LilyPond developers. LilyPond files trivially allow arbitrary execution when they are rendered by end users. Safe mode is supposed to prevent that, but it is not the default and is not recommended in the manual. In conversations relating to the recently discovered safe mode escape vulnerabilities (T258547, T259210, T260225), the developers stated that safe mode escape vulnerabilities are unsurprising, and that they consider that only OS-level containerization to be sufficient. But this level of isolation is beyond the abilities of ordinary end users.